Bug #605
closed
No mail since 2017-10-15 07:00:02
50%
Description
On orfeo, Oct 15 07:00:00 (UTC+2), policyd-weight daemon was unable to restart, then all incoming mail were rejected.
# systemctl status policyd-weight.service
● policyd-weight.service - LSB: Start and stop the policyd-weight daemon
Loaded: loaded (/etc/init.d/policyd-weight; generated; vendor preset: enabled)
Active: failed (Result: exit-code) since Sun 2017-10-15 07:00:02 CEST; 1 day 5h ago
Docs: man:systemd-sysv-generator(8)
Process: 28244 ExecStop=/etc/init.d/policyd-weight stop (code=exited, status=0/SUCCESS)
Process: 28291 ExecStart=/etc/init.d/policyd-weight start (code=exited, status=1/FAILURE)
Tasks: 0 (limit: 4915)
Memory: 372.0K
CPU: 389ms
CGroup: /system.slice/policyd-weight.service
# grep "policyd-weight" /var/log/syslog.1 Oct 15 07:00:00 orfeo systemd[1]: Stopping LSB: Start and stop the policyd-weight daemon... Oct 15 07:00:02 orfeo policyd-weight[28244]: Stopping policyd-weight (incl. cache): policyd-weight. Oct 15 07:00:02 orfeo systemd[1]: Stopped LSB: Start and stop the policyd-weight daemon. Oct 15 07:00:02 orfeo systemd[1]: Starting LSB: Start and stop the policyd-weight daemon... Oct 15 07:00:03 orfeo policyd-weight[28291]: Starting policyd-weight: policyd-weightmaster: bind 12525: IO::Socket::INET: Address already in use Address already in use at /usr/sbin/policyd-weight line 1052. Oct 15 07:00:03 orfeo postfix/policyd-weight[28294]: warning: err: init: master: bind 12525: IO::Socket::INET: Address already in use Address already in use at /usr/sbin/policyd-weight line 1052. Oct 15 07:00:03 orfeo policyd-weight[28291]: failed! Oct 15 07:00:04 orfeo systemd[1]: policyd-weight.service: Control process exited, code=exited status=1 Oct 15 07:00:04 orfeo systemd[1]: Failed to start LSB: Start and stop the policyd-weight daemon. Oct 15 07:00:04 orfeo systemd[1]: policyd-weight.service: Unit entered failed state. Oct 15 07:00:04 orfeo systemd[1]: policyd-weight.service: Failed with result 'exit-code'. Oct 15 07:00:05 orfeo postfix/policyd-weight[16253]: cache killed
# /var/log/syslog.1 extract Oct 15 07:00:39 orfeo postfix/smtpd[28403]: warning: connect to 127.0.0.1:12525: Connection refused Oct 15 07:00:39 orfeo postfix/smtpd[28403]: warning: problem talking to server 127.0.0.1:12525: Connection refused Oct 15 07:00:40 orfeo postfix/smtpd[28403]: warning: connect to 127.0.0.1:12525: Connection refused Oct 15 07:00:40 orfeo postfix/smtpd[28403]: warning: problem talking to server 127.0.0.1:12525: Connection refused Oct 15 07:00:40 orfeo postfix/smtpd[28403]: NOQUEUE: reject: RCPT from XXX: 451 4.3.5 <XXXX@milkypond.org>: Recipient address rejected: Server configuration problem; from=<XXX@outlook.com> to=<XXX@milkypond.org> proto=ESMTP helo=<XXX>
Thanks to rtp for pointing that.
Updated by Pierre-Louis Bonicoli over 6 years ago
2017-10-16 12:13 CEST policyd-weight.service has been manually restarted.
policyd-weight.service is automatically generated by systemd-sysv-generator and use /etc/init.d/policyd-weight. /etc/init.d/policyd-weight stop calls start-stop-daemon without --retry, that's why /etc/init.d/policyd-weight start could be called while policyd-weight hasn't been stopped resulting in Address already in use.
- setup
policyd-weight.servicewithout using/etc/init.d/policyd-weight - add
restart=yesinpolicyd-weight.service
Updated by Pierre-Louis Bonicoli over 6 years ago
Duck: i propose to use the following unit, could you review it ?
[Unit] Description=Perl policy daemon for the Postfix MTA Before=postfix.service After=syslog.target network.target remote-fs.target Wants=network-online.target [Service] Type=forking ExecStart=/usr/sbin/policyd-weight start ExecReload=/usr/sbin/policyd-weight reload ExecStop=/usr/sbin/policyd-weight -k ExecStop=/usr/sbin/policyd-weight stop EnvironmentFile=/etc/policyd-weight.conf Restart=on-failure PrivateTmp=true StandardOutput=syslog StandardError=syslog SyslogIdentifier=policyd-weight ProtectSystem=strict ProtectHome=true ProtectKernelTunables=true ProtectKernelModules=true ProtectControlGroups=true MemoryDenyWriteExecute=true MountFlags=private NoNewPrivileges=true SystemCallArchitectures=native [Install] WantedBy=multi-user.target
Updated by Marc Dequènes over 6 years ago
- Related to Bug #595: Create missing systemd configuration for SYSV compatibility services added
Updated by Marc Dequènes over 6 years ago
I think EnvironmentFile should be /etc/default/policyd-weight and the start action should keep $DAEMON_OPTS to follow the package's behavior (so that we can then suggest it in a Debian BR).
Would it be possible to do a -k stop; the manpage does not seem to say it would be wrong, but I guess we would have to try to be sure.
As for the security restrictions, that's a very good idea because this daemon is not supposed to need anything else. So if it works well then GoGoGo.
The rest is fine :-).
Updated by Pierre-Louis Bonicoli over 6 years ago
Marc Dequènes wrote:
I think
EnvironmentFileshould be/etc/default/policyd-weightand the start action should keep $DAEMON_OPTS to follow the package's behavior (so that we can then suggest it in a Debian BR).
Indeed.
Would it be possible to do a
-k stop; the manpage does not seem to say it would be wrong, but I guess we would have to try to be sure.
I guess.
As for the security restrictions, that's a very good idea because this daemon is not supposed to need anything else. So if it works well then GoGoGo.
Not sure if `User=polw` could be used, I need to check that.
Updated by Pierre-Louis Bonicoli over 6 years ago
The same day, the same problem occurred on Toushirou: policyd-weight.service was unable to restart.
Updated by Marc Dequènes over 6 years ago
So, the problem is fixed temporarily as unattended upgrades would cause it to reappear sooner or later.
All such service files deployment must be done via Ansible.
We need to notify #595 when this is done.
Any news about the service file details?
Updated by Marc Dequènes almost 6 years ago
- Status changed from In Progress to Rejected
policyd-weight is not used anymore after switching to Rspamd (see #435)